DrBojlerGyula
Copper Contributor
Dec 14, 2021

App Protection iOS & Android - the operation couldn't be completed (MSALErrorDomain error -50000)

Hi All!

I have a strange behavior.

The current setup is:

We are using iOS and Android devices with conditional access policies and application protection policies. The conditional access policies are enforcing the application protection policy.

The app protection policy is enforcing a 4 digit PIN code to access the Microsoft 365 apps.

The future setup is:

The updated app protection policy will enforce a 6 digit PIN code, instead of the 4 digit PIN code.

The behavior / problem:

Enabling the new policy for a test user group leads to the following problems:

  • On iOS the user gets an authentication loop: the authentication has to be done 6-7x and after that an error message appears: 

  • On Android there is also a sign-in loop, where the user has to sign in several times.

With this behaviour we cannot roll the update for 5000 users out.

Does anybody know how to address the issue?

  • Hi, just wondering, but could you tell us which app is giving you that error? And are the Office 365 apps up to date, as well as the device itself?

    The error you got means "user canceled interactive authentication" if I am not mistaken.
    And I am also reading app protection policies; do the devices also have the broker app installed (MFA auth, or for Android the company app portal)?

    And are those devices MDM enrolled or are they BYOD?

    • DrBojlerGyula
      Copper Contributor
      Hi!

      Thanks for your reply.
      The answers to your questions:
      MS Teams is the application, device and app are up to date.

      On Android the Intune Company Portal App is installed.

      These are Android and iOS bring-your-own devices.
      • Rudy_Ooms_MVP
        MVP

        Just wondering, but what happens when (if that's possible) they first open Microsoft Outlook to check if that's working and, if so, open Teams...

        Could you also show us the CA config in which you enforce app protection?

        And maybe a stupid thought... but are terms of use configured?
